Synchronization facility for information domains employing replicas

US 20040117667A1
Filed: 08/12/2003
Published: 06/17/2004
Est. Priority Date: 12/12/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for synchronizing entries in a replicated storage system, the method comprising:

invalidating an entry of at least one replica store, wherein the invalidating of the entry of the replica store triggers information synchronization of a corresponding invalidated entry of a master store to a corresponding entry of an authoritative store on a next attempt to authenticate against the invalidated entry of the replica store.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms have been developed for synchronizing information, e.g., password or other access credential information, amongst replicated directory spaces or repositories. In some exemplary realizations, directory spaces are embodied as directory servers, services or similar components of computer operating systems, including LDAP, UDDI, Active Directory or other standardized or proprietary directory environments. In one embodiment in accordance with the present invention, a method includes invalidating an entry of at least one replica store. The invalidation of the entry of the replica store triggers information synchronization of a corresponding invalidated entry of a master store to a corresponding entry of an authoritative store on a next attempt to authenticate against the invalidated entry of the replica store. The method may include propagating information of the synchronized master store entry to at least one other replica store.

61 Citations

View as Search Results

41 Claims

1. A method for synchronizing entries in a replicated storage system, the method comprising:
- invalidating an entry of at least one replica store, wherein the invalidating of the entry of the replica store triggers information synchronization of a corresponding invalidated entry of a master store to a corresponding entry of an authoritative store on a next attempt to authenticate against the invalidated entry of the replica store.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method, as recited in claim 1, wherein the replica store is a slave store.
  - 3. The method, as recited in claim 1, further comprising:
    - propagating information of the synchronized master store entry to at least one other replica store.
  - 4. The method, as recited in claim 1, further comprising:
    - propagating information of the synchronized master store entry to at least a second master store.
  - 5. The method, as recited in claim 1, further comprising:
    - invalidating a corresponding entry of at least a second master store.
  - 6. The method, as recited in claim 1, further comprising:
    - synchronizing the invalidated entry of the master store to a corresponding entry of an authoritative store.
  - 7. The method, as recited in claim 6, wherein the synchronization of the invalidated entry of the master store to the corresponding entry of an authoritative store is based at least in part on information received from the replica store.
  - 8. The method, as recited in claim 1, further comprising:
    - authenticating information at the master store for a request to authenticate at the replica store against the invalidated entry of the replica store.
  - 9. The method, as recited in claim 1, further comprising:
    - synchronizing the invalidated entry of the replica store to a corresponding entry of the master store.
  - 10. The method, as recited in claim 9, wherein the master store synchronizes the entry of the replica store to the corresponding entry of the master store.
  - 11. The method, as recited in claim, 1 further comprising:
    - authenticating information at the replica store for a request, received by the replica store, to authenticate at the replica store against a valid entry.
  - 12. The method, as recited in claim 6, wherein the information in the master store and the authoritative store are encoded using dissimilar protective transforms.
  - 13. The method, as recited in claim 1, wherein the replica store and master store are encoded using similar or identical protective transforms.
  - 14. The method, as recited in claim 1, further comprising:
    - detecting change to an entry of an authoritative store.
  - 15. The method, as recited in claim 1, wherein the information includes an encoded credential.
  - 16. The method, as recited in claim 1, wherein the information includes user authentication information.
  - 17. The method, as recited in claim 1, further comprising:
    - securing at least some communications between the master and replica stores using a protective transform.
  - 18. The method, as recited in claim 17, wherein the protective transform is in accordance with a secure sockets layer (SSL) protocol.
  - 19. The method, as recited in claim 1, embodied, at least in part, as a computer program product executable encoded in one or more computer readable media selected from the set of disk, tape, or other magnetic, optical, or electronic storage medium and a network, wireline, wireless, or other communication medium.
  - 20. The method, as recited in claim 1, embodied, at least in part, as a replicated directory system.
  - 21. The method, as recited in claim 20, wherein the replicated directory system operates in accordance with a Lightweight Directory Access Protocol (LDAP).

22. A computer system comprising:
- a master store; and
  
  at least one replica store, wherein the master store pushes invalidation information from the master store to the replica store.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The computer system of claim 22, wherein in response to the invalidation information, the replica store chains authentication to the master store.
  - 24. The computer system of claim 22, wherein the master store pushes synchronization information from the master store to the replica store.
  - 25. The computer system of claim 22, wherein the master store synchronizes an invalidated entry with a corresponding entry of an authoritative store in response to an invalidity indicator.
  - 26. The computer system of claim 25 further comprising:
    - the authoritative store.

27. A computer program product executable to synchronize information stored in a replica store with that stored in a master store, wherein the master store synchronizes with an authoritative store in response to an invalidity indication for an entry of the master store and based at least in part on information received from the replica store.
- View Dependent Claims (28, 29)
- - 28. The computer program product executable of claim 27, wherein the synchronization is performed without reversing the protective transform employed by the authoritative store.
  - 29. The computer program product executable of claim 27, wherein the master store updates the replica store.

30. A computer program product executable to synchronize information stored in a replica store with that stored in a master store, wherein the replica store authenticates at a master store in response to an invalidity indication for an entry of the replica store.
- View Dependent Claims (31, 32, 33, 34)
- - 31. The computer program product executable of claim 30, wherein the replica store chains authentication information to the master store.
  - 32. The computer program product executable of claim 30, wherein the master store synchronizes the invalid entry of the replica store.
  - 33. The computer program product executable of claim 30, wherein the master store invalidates at least one entry of the replica store.
  - 34. The computer program product executable of claim 30, wherein the master store invalidates at least one entry of a second master store.

35. A synchronization facility comprising:
- a detector of an invalidated entry of a replica store; and
  
  an authenticator that chains to a master store authentication requests corresponding to invalidated entries of the replica store.
- View Dependent Claims (36, 37, 38, 39)
- - 36. The synchronization facility of claim 35, wherein the master store synchronizes invalidated entries of the master store with corresponding entries of an authoritative store.
  - 37. The synchronization facility of claim 35, wherein the master store synchronizes the invalidated entry of the replica store to a corresponding entry of the master store.
  - 38. The synchronization facility of claim 35, wherein the authenticator authenticates, on the replica store, authentication requests received by the replica store corresponding to valid entries.
  - 39. The synchronization facility of claim 35, wherein the master store pushes invalidated information to the replica store.

40. An apparatus comprising:
- a replica store;
  
  means for synchronizing an invalidated entry of a replica store to an entry of an authoritative store that employs a different protective transform than the replica store.
- View Dependent Claims (41)
- - 41. The apparatus of claim 40 further comprising:
    - means for invalidating an entry of the replica store corresponding to a changed entry in the authoritative store.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Coulbeck, Andrew, Wahl, Mark, Baldwin, Duane, Lavender, Robert Gregory, Kolics, Bertold

Application Number

US10/639,294
Publication Number

US 20040117667A1
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6236   between heterogeneous systems

H04L 61/4523   using lightweight directory...

H04L 61/4552   Lookup mechanisms between a...

H04L 63/083   using passwords cryptograph...

H04L 63/166   at the transport layer

H04L 67/1095   Replication or mirroring of...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Synchronization facility for information domains employing replicas

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Synchronization facility for information domains employing replicas

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links